Force IIS7 to suggest downloading *.exe files in "Local intranet" zone

Question

Problem:

1. html file on local server (inside our organization) with link to an exe on the same server.
2. clicking the link runs the exe on the client. Instead I want it to offer downloading it.

Tried so far:

1. Changed permissions on the exe's virtual directory to be read and script.
2. Added Content-disposition header on the exe's directory.
3. I can't change settings in the browser. It's intended for a lot of people to consume.

Answer 1

You need to set content-disposition in the HTTP header.

This Microsoft Knowledge Base entry has more detail on how to do this.

Answer 2

Whether a file is downloaded or opened automatically is a browser, not a server, side setting.

The other way of doing it would be to change the MIME type for the file to something like application/octet-stream or similar to try and force your browser to download it.

Answer 3

Runs them where: on the server, or on the client? If on the server: set the handler mappings of the file so that CGI-exe is disabled. If on the client: then this is a web browser issue - it shouldn't be running EXEs directly! What browser is it?

As Dave Webb mentions, you could use the Content-Disposition HTTP header: these can be added using HTTP Response Headers in IIS7 for that directory/file.